
53 matches found

RedHat Linux
added 2026/03/09 10:2 a.m. | 3 views

kernel: Linux kernel io_uring: Local privilege escalation, information disclosure, or denial of service via use-after-free

A flaw was found in the Linux kernel's io_uring subsystem. A local attacker with low privileges could exploit a use-after-free vulnerability when the sq-thread object is prematurely released while still being accessed by the io_uring_show_fdinfo function. This flaw could lead to privilege escalation,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/09 1:3 a.m. | 8 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00188
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/24 12:0 a.m. | 5 views

openSUSE 16 Security Update : kernel (openSUSE-SU-2025:20172-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20172-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50253: bpf...

CVSS 7.8 | AI score 7.2 | EPSS 0.00236
Exploits: 1 | References: 319

EUVD
added 2025/10/07 12:30 a.m. | 17 views

EUVD-2019-8867

Malware in sbrugna...

CVSS 7.8 | AI score 7.4 | EPSS 0.01087
Exploits: 2 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-21900

Malware in sbrugna...

CVSS 7.8 | AI score 6.1 | EPSS 0.00454
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-5247

Malicious code in bioql PyPI...

AI score 6.8 | EPSS 0.00173
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-23560

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.1 | EPSS 0.00216
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-22688

Malicious code in bioql PyPI...

AI score 7.6 | EPSS 0.0014
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-34849

Malicious code in bioql PyPI...

CVSS 7 | AI score 6.4 | EPSS 0.0127
Exploits: 2 | References: 10

Tenable Nessus
added 2025/08/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-1872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the...

CVSS 7.8 | AI score 6.7 | EPSS 0.00285
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-2327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing...

CVSS 7.8 | AI score 6.2 | EPSS 0.00256
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-3176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll and binder_poll use a waitqueue whose lifetime is the current task. It will send a...

CVSS 7.8 | AI score 6.7 | EPSS 0.00274
Exploits: 0 | References: 2

OSV
added 2025/07/25 3:27 p.m. | 4 views

CVE-2025-38453 io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU

In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...

CVSS 5.5 | AI score 6.5 | EPSS 0.0014
Exploits: 0 | References: 6

Cvelist
added 2025/07/09 10:42 a.m. | 6 views

CVE-2025-38256 io_uring/rsrc: fix folio unpinning

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...

EPSS 0.00135
Exploits: 0 | References: 3

NVD
added 2025/07/04 2:15 p.m. | 3 views

CVE-2025-38196

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: validate buffer count with offset for cloning syzbot reports that it can trigger a WARN_ON for kmalloc attempt that's too big: WARNING: CPU: 0 PID: 6488 at mm/slub.c:5024 kvmallocnodenoprof+0x520/0x640 mm/slub.c:5024...

CVSS 5.5 | EPSS 0.00129
Exploits: 0 | References: 2

CVE
added 2025/05/01 2:9 p.m. | 50 views

CVE-2022-49791

The CVE-2022-49791 entry is about a Linux kernel issue in io_uring where a multishot accept request can leak if REQ_F_POLLED is set and the code misclassifies the operation as multishot from the polling path. The problem could lead to leaking the request by a skip-completion path, and the remedia...

CVSS 5.5 | AI score 6.8 | EPSS 0.0014
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/05/01 1:15 p.m. | 5 views

CVE-2025-23154

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix io_req_post_cqe abuse by send bundle 114.987980 T5313 WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0 114.991597 T5313 RIP: 0010:io_req_post_cqe+0x12e/0x4f0 115.001880 T5313 Call Trace:...

CVSS 5.5 | EPSS 0.00159
Exploits: 0 | References: 4

OSV
added 2025/04/18 1:50 p.m. | 5 views

CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...

CVSS 7.8 | AI score 5.7 | EPSS 0.00233
Exploits: 0 | References: 10

CVE
added 2025/03/12 9:42 a.m. | 138 views

CVE-2025-21863

CVE-2025-21863 — Linux kernel io_uring opcode speculation: The vulnerability arises from the io_uring path where sqe->opcode is used for different tables, allowing speculative execution issues. The fix sanitises sqe->opcode to prevent speculation. Affected product: Linux kernel with io_uri...

CVSS 7.8 | AI score 6.7 | EPSS 0.00218
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2025/02/27 2:7 a.m. | 9 views

CVE-2024-58000 io_uring: prevent reg-wait speculations

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With ENTER_EXT_ARG_REG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the offset, offset ...

EPSS 0.00173
Exploits: 0 | References: 2